services: Stateful Packet Inspection, firewall security, user authentication protocols, and
1. Static NAT from any Security screen. The “Static NAT” screen appears
© 2011 Verizon. All Rights Reserved.
6.10c Event-Type
The “Details” column displays more information about the packet or the event, such as protocol, IP addresses, ports, etc. The following are the available event types that can be recorded in the security log:
• 802.1Q - an 802.1Q (VLAN) packet has been accepted.
• Access control - a packet has been accepted/blocked because of an access control rule.
• Advanced Filter Rule - a packet has been accepted/blocked because of an advanced filter rule.
• ARP - an ARP packet has been accepted.
• AUTH:113 request - an outbound packet for AUTH protocol has been accepted (for maximum security level).
• Broadcast/Multicast protection - a packet with a broadcast/multicast source IP has been blocked.
• Connection closed - debug message regarding connection.
• Connection opened - debug message regarding connection.
• Default policy - a packet has been accepted/blocked according to the default policy.
• Defragmentation failed - the fragment has been stored in memory and blocked until all fragments have arrived and defragmentation can be performed.
• DHCP relay agent - a DHCP relay packet has been received (depends on the distribution).
• DHCP request - the FiOS Router sent a DHCP request (depends on the distribution).
• DHCP response - the FiOS Router received a DHCP response (depends on the distribution).
• DMZ network packet - a packet from a demilitarized zone network has been blocked.
FiOS Router User Manual
• Echo/Chargen/Quote/Snork protection - a packet has been blocked due to Echo/Chargen/Quote/Snork protection.
• Error: No memory - a new connection has not been established because of lack of memory.
• Firewall internal - an event from the firewall internal mechanism; when this event type is recorded, an accompanying explanation is added.
• Firewall rules were changed - the firewall rule set has been modified.
• Firewall status changed - the firewall changed status from up to down or vice versa, as specified in the event type description.
• First packet in connection is not a SYN packet - a packet has been blocked due to a TCP connection that started without a SYN packet.
• Fragmented packet - a fragment has been rejected.
• Fragmented packet, bad align - a packet has been blocked because, after defragmentation, the packet was badly aligned.
• Fragmented packet, header too big - a packet has been blocked because, after defragmentation, the header was too big.
• Fragmented packet, header too small - a packet has been blocked because, after defragmentation, the header was too small.
• Fragmented packet, no memory - a fragmented packet has been blocked because there is no memory for fragments.
• Fragmented packet, overlapped - a packet has been blocked because, after defragmentation, there were overlapping fragments.
• Fragmented packet, packet exceeds - a packet has been blocked because, after defragmentation, the packet exceeded.
• Fragmented packet, packet too big - a packet has been blocked because,
Configuring Security Settings 6.10 Security Log
• ICMP Flood Protection - a packet has been blocked, stopping an ICMP (Internet Control Message Protocol) flood.
• ICMP protection - a broadcast ICMP message has been blocked.
• ICMP redirect protection - an ICMP redirected message has been blocked.
• ICMP replay - an ICMP replay message has been blocked.
• IGMP packet - an IGMP packet has been accepted.
• Illegal packet options - the options field in the packet’s header is either illegal or forbidden.
• IP Version 6 - an IPv6 packet has been accepted.
• IPV6 over IPV4 - an IPv6 over IPv4 packet has been accepted.
• Malformed packet: Failed parsing - a packet has been blocked because it is malformed.
• Maximum security enabled service - a packet has been accepted because it belongs to a permitted service in the maximum security level.
• Multicast IGMP connection - a multicast packet has been accepted.
• NAT Error: Connection pool is full. No connection created - a connection has not been created because the connection pool is full.
• NAT Error: Conflict Mapping already exists - a conflict occurred because the NAT mapping already exists, so NAT failed.
• NAT Error: No free NAT IP - no free NAT IP, so NAT has failed.
• NAT out failed - NAT failed for this packet.
• Outbound Auth1X - an outbound Auth1X packet has been accepted.
• Packet invalid in connection - an invalid connection packet has been blocked.
• Parental control - a packet has been blocked because of parental control.
• Passive attack on ftp-server: Client attempted to open Server ports - a packet has been blocked.
• PPP Discover - a PPP discover packet has been accepted.
• PPP Session - a PPP session packet has been accepted.
• PPTP connection - a packet inquiring whether the FiOS Router is ready to receive a PPTP connection has been accepted.
• Remote administration - a packet designated for the FiOS Router management has been accepted/blocked.
• Router initiated traffic - all traffic the FiOS Router initiates is recorded.
• Service - a packet has been accepted because of a certain service, as specified in the event type.
• Spoofing protection - a packet from the Internet with a source IP belonging to the local network has been blocked.
• STP packet - an STP (Spanning Tree Protocol) packet has been accepted/rejected.
• SynCookies Protection - a SynCookies packet has been blocked.
• Trusted device - a packet from a trusted device has been accepted.
• UDP Flood Protection - a packet has been blocked, stopping a UDP flood.
• User authentication - a message arrived during login time, including both successful and failed authentication.
• Wildcard connection hooked - debug message regarding connection.
• Wildcard connection opened - debug message regarding connection.
• WinNuke protection - a WinNuke attack has been blocked.